
DCwTjs2dTP.exe

Status: finished
Submission Time: 2022-08-05 09:15:09 +02:00
Malicious
Trojan
AsyncRAT, DcRat

Tags

  • DCRat
  • exe
  • RAT

Details

  • Analysis ID:
    679101
  • API (Web) ID:
    1046608
  • Analysis Started:
    2022-08-05 09:15:11 +02:00
  • Analysis Finished:
    2022-08-05 09:24:19 +02:00
  • MD5:
    2ed2a1d6604afeaa681f4c66dcd84194
  • SHA1:
    6134d837220afe9377cd78950c8aca43dde08d8c
  • SHA256:
    2a48fa5118bf1c97de6a6b7b0a45bcc95bd678d54f31e2f2d003e5f3ea49c780
  • Technologies:

Verdict

  • System:
    Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
  • Verdict:
    malicious
  • Score:
    100/100 (malicious)
  • Detection:
    13/26 (malicious)

IPs

IP              Country   Detection
182.186.88.126  Pakistan

Domains

Name                 IP              Detection
techandro.giize.com  182.186.88.126

URLs

Name                                                         Detection
hsolic.duckdns.org
techandro.giize.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DCwTjs2dTP.exe.log
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\sihost.exe
    File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    File type: Microsoft Cabinet archive data, 61712 bytes, 1 file
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    File type: data
  • C:\Users\user\AppData\Local\Temp\tmp53F0.tmp.bat
    File type: DOS batch file, ASCII text, with CRLF line terminators
  • \Device\Null
    File type: ASCII text, with CRLF line terminators, with overstriking